Trojan Backdoor Activity 45
I constantly get a message that this threat has been blocked: Trojan Backdoor Activity 45
I copied the following information from Norton:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2016/12/24 12:14:30 PM,High,An intrusion attempt by crazyfuckingslavemudak.xyz was blocked.,Blocked,No Action Required,System Infected: Trojan Backdoor Activity 45,No Action Required,No Action Required,"crazyfuckingslavemudak.xyz (22.214.171.124, 80)",crazyfuckingslavemudak.xyz/index.php,"JACQUESSWART (192.168.1.37, 52724)",crazyfuckingslavemudak.xyz (126.96.36.199),"TCP, www-http"
Network traffic from crazyfuckingslavemudak.xyz/index.php matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\EXPLORER.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.
I then looked up detail on the IP address and found the following:
188.8.131.52 is a valid IPv4 address, probably located in Russian Federation
Whois server responsible for 184.108.40.206/7 is whois.ripe.net
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '220.127.116.11 - 18.104.22.168'

% Abuse contact for '22.214.171.124 - 126.96.36.199' is 'email@example.com'

inetnum: 188.8.131.52 - 184.108.40.206
netname: RU-KOLIIAGIN-19991103
country: RU
org: ORG-TL405-RIPE
admin-c: KI1200-RIPE
tech-c: KI1200-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DNRNET
created: 2016-11-14T12:45:26Z
last-modified: 2016-11-14T12:45:26Z
source: RIPE

organisation: ORG-TL405-RIPE
org-name: Tolder LLC
org-type: LIR
address: Pobedy str 107, app 49
address: 03055
address: Kiev
address: UKRAINE
admin-c: KI1200-RIPE
tech-c: KI1200-RIPE
abuse-c: AR37737-RIPE
mnt-ref: TOLDERNET
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DNRNET
created: 2016-09-26T07:41:31Z
last-modified: 2016-10-08T10:01:23Z
source: RIPE # Filtered
phone: +74953084604

person: Koliagin Iuurii
remarks: Tolder LLC
remarks: www.toldernet.com
address: Vatskay str 27 app 12
address: 127015
address: Moscow
address: Russia
phone: +74953084604
phone: +380442909939
nic-hdl: KI1200-RIPE
mnt-by: TOLDERNET
created: 2016-09-26T07:41:30Z
last-modified: 2016-10-08T22:13:29Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.88 (HEREFORD)
Please advise on how I can either permanently stop these intrusions or report the IP address / owner for this abuse.
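
An added example, not part of the original post or of any Norton tooling: it parses one exported Intrusion Prevention row in the column layout quoted above, checks whether the protected PC's own address and high client port sit opposite a low server port on the remote host, and pulls the abuse mailbox from the RIPE "% Abuse contact for" line. The host names, public address and mailbox in the sample are constructed placeholders, and the function names are hypothetical.

```python
import csv
import ipaddress
import re

# Constructed sample shaped like the export in the post. bad.example, MYPC,
# 203.0.113.10 and abuse@example.net are placeholders, not values from the post.
HEADER = ("Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,"
          "Default Action,Action Taken,Attacking Computer,Attacker URL,"
          "Destination Address,Source Address,Traffic Description")
RECORD = ('2016/12/24 12:14:30 PM,High,An intrusion attempt by bad.example was '
          'blocked.,Blocked,No Action Required,System Infected: Trojan Backdoor '
          'Activity 45,No Action Required,No Action Required,"bad.example '
          '(203.0.113.10, 80)",bad.example/index.php,"MYPC (192.168.1.37, 52724)",'
          'bad.example (203.0.113.10),"TCP, www-http"')
WHOIS = ("% Information related to '203.0.113.0 - 203.0.113.255'\n"
         "% Abuse contact for '203.0.113.0 - 203.0.113.255' is 'abuse@example.net'\n")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ENDPOINT = re.compile(r"^(?P<host>\S+) \((?P<ip>[0-9.]+)(?:, (?P<port>\d+))?\)$")

def parse_alert(header, record):
    """Map one exported row onto its column names (quoted fields hold commas)."""
    names, values = csv.reader([header, record])
    return dict(zip(names, values))

def endpoint(text):
    """Split 'host (ip, port)' or 'host (ip)' into (host, ip, port or None)."""
    m = ENDPOINT.match(text)
    return m["host"], m["ip"], int(m["port"]) if m["port"] else None

def is_lan(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def outbound_from_lan(alert):
    """True when a private-address host on a high client port is paired with a
    public host on a low server port, i.e. the protected PC opened the session."""
    _, remote_ip, remote_port = endpoint(alert["Attacking Computer"])
    _, local_ip, local_port = endpoint(alert["Destination Address"])
    if remote_port is None or local_port is None:
        return False
    return is_lan(local_ip) and not is_lan(remote_ip) and local_port > 1023 >= remote_port

def abuse_contact(whois_text):
    """Pull the mailbox from RIPE's '% Abuse contact for ... is ...' line."""
    m = re.search(r"^% Abuse contact for '[^']*' is '([^']+)'", whois_text, re.M)
    return m.group(1) if m else None

if __name__ == "__main__":
    alert = parse_alert(HEADER, RECORD)
    print(alert["IPS Alert Name"], outbound_from_lan(alert), abuse_contact(WHOIS))
```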